Fdc.sys and discovery of a trojan?

Hi, on my thread in the XP section

http://www.windowsbbs.com/windows-xp/80790-irq-conflict-random-re-booting.html

I posted about locations fdc.sys, and it brought this up:

C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356

Another user suggested this may be a trojan and suggested i post in this forum for some help.

Thanks

I have just read instructions and running scan now

 

You need to follow these instructions and await the arrival of one of the Malware Removal Specialists. My apologies - I should have been more specific.

Good Luck.

 

No apology needed...i should have read the post at the top of the forum first! I will amend it all now

 

Attach info:


==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe CSI CS4
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Photoshop CS4
Adobe Reader 9
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11
BT Home Hub
BT Wireless Connection Manager
BT Yahoo! Applications
Choice Guard
Debugging Tools for Windows (x86)
Driver Genius Professional Edition
EPSON PhotoQuicker3.5
EPSON Printer Software
FinePixViewer Resource
FinePixViewer Ver.5.0
FUJIFILM USB Driver
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Image Resizer Powertoy for Windows XP
ImageMixer VCD2 LE for FinePix
Java(TM) 6 Update 11
Junk Mail filter update
Kaspersky Internet Security 2009
Linksys Wireless-G PCI Adapter
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliType Pro 6.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSVCRT
NVIDIA Drivers
NVIDIA PhysX v8.10.13
RAW FILE CONVERTER LE
Razer DeathAdder(TM) Mouse
Realtek High Definition Audio Driver
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
ScanToWeb
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Segoe UI
Suite Shared Configuration CS4
System Requirements Lab
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Vuze
WebFldrs XP
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - Cypress (CyUsb) USB
Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XP Codec Pack

==== End Of File ===========================

 

DDS info:


DDS (Ver_09-01-19.01) - NTFSx86
Run by Helen at 14:29:17.35 on 26/01/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://madonnalicious.typepad.com/madonnalicious/
uSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [eyeBeam SIP Client]
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [btbb_wcm_McciTrayApp] c:\program files\btbb_wcm\McciTrayApp.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe "
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe "
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
mRun: [EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200 "
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232492187609
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232534200515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-01-26 14:29 <DIR> --d-h--- c:\windows\PIF
2009-01-26 13:20 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-01-25 14:40 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-01-25 14:40 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-01-25 14:40 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-01-25 14:40 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-01-25 14:40 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-01-25 14:40 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-01-25 14:40 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-01-25 14:40 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-01-25 14:38 19,528 ac------ c:\windows\system32\dllcache\w840nd.sys
2009-01-25 14:37 94,720 ac------ c:\windows\system32\dllcache\umaxud32.dll
2009-01-25 14:36 82,944 ac------ c:\windows\system32\dllcache\tp4mon.exe
2009-01-25 14:35 30,688 ac------ c:\windows\system32\dllcache\sym_u3.sys
2009-01-25 14:34 37,040 ac------ c:\windows\system32\dllcache\sonypi.sys
2009-01-25 14:33 91,294 ac------ c:\windows\system32\dllcache\skfpwin.sys
2009-01-25 14:32 11,648 ac------ c:\windows\system32\dllcache\scsiprnt.sys
2009-01-25 14:31 19,017 ac------ c:\windows\system32\dllcache\rtl8029.sys
2009-01-25 14:30 128,286 ac------ c:\windows\system32\dllcache\ptserli.sys
2009-01-25 14:29 29,769 ac------ c:\windows\system32\dllcache\pcntn5m.sys
2009-01-25 14:28 198,144 ac------ c:\windows\system32\dllcache\nv3.sys
2009-01-25 14:27 128,000 ac------ c:\windows\system32\dllcache\n100325.sys
2009-01-25 14:26 6,528 ac------ c:\windows\system32\dllcache\miniqic.sys
2009-01-25 14:25 34,688 ac------ c:\windows\system32\dllcache\lbrtfdc.sys
2009-01-25 14:24 90,200 ac------ c:\windows\system32\dllcache\io8ports.dll
2009-01-25 14:23 58,592 ac------ c:\windows\system32\dllcache\i740nt5.sys
2009-01-25 14:22 324,608 ac------ c:\windows\system32\dllcache\hpojwia.dll
2009-01-25 14:21 455,680 ac------ c:\windows\system32\dllcache\fus2base.sys
2009-01-25 14:20 53,248 ac------ c:\windows\system32\dllcache\eqndiag.exe
2009-01-25 14:19 91,305 ac------ c:\windows\system32\dllcache\dimaint.sys
2009-01-25 14:18 60,970 ac------ c:\windows\system32\dllcache\cpqtrnd5.sys
2009-01-25 14:17 13,824 ac------ c:\windows\system32\dllcache\bulltlp3.sys
2009-01-25 14:16 104,832 ac------ c:\windows\system32\dllcache\atiraged.dll
2009-01-25 14:15 297,728 ac------ c:\windows\system32\dllcache\ac97sis.sys
2009-01-24 15:45 319,488 a------- c:\windows\HideWin.exe
2009-01-24 15:41 1,732 a------- c:\windows\system32\drivers\nvphy.bin
2009-01-24 15:41 356,352 a------- c:\windows\system32\nvunrm.exe
2009-01-24 15:41 3,903 a------- c:\windows\system32\nvnrm.nvu
2009-01-24 15:40 895,744 a------- c:\windows\system32\drivers\nvnrm.sys
2009-01-24 15:40 261,632 a------- c:\windows\system32\drivers\nvsnpu.sys
2009-01-24 15:40 110,592 a------- c:\windows\system32\drivers\nvtcp.sys
2009-01-24 15:40 58,368 a------- c:\windows\system32\drivers\NVENETFD.sys
2009-01-24 15:40 35,840 a------- c:\windows\system32\nvconrm.dll
2009-01-24 15:40 19,968 a------- c:\windows\system32\drivers\nvnetbus.sys
2009-01-24 15:40 192,512 a------- c:\windows\system32\fdco1.dll
2009-01-24 15:40 9,216 a------- c:\windows\system32\bdco1.dll
2009-01-22 23:57 <DIR> --d----- C:\symbols
2009-01-22 23:39 <DIR> --d----- c:\program files\Debugging Tools for Windows (x86)
2009-01-22 16:48 <DIR> --d----- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2009-01-22 16:47 201,050 a------- c:\windows\system32\nvapps.nvb
2009-01-22 16:11 553 a------- c:\windows\USetup.iss
2009-01-22 16:09 290,816 a------- c:\windows\vncutil.exe
2009-01-22 16:09 34,816 a------- c:\windows\system32\RtkCoInstXP.dll
2009-01-22 16:09 104,992 a------- c:\windows\RtkAudioService.exe
2009-01-22 16:09 1,389,056 a------- c:\windows\system32\drivers\Monfilt.sys
2009-01-22 16:09 1,684,736 a------- c:\windows\system32\drivers\Ambfilt.sys
2009-01-22 16:01 427,864 a------- c:\windows\system32\XceedZip.dll
2009-01-22 16:01 1,686,016 a------- c:\windows\system32\clinetsuitex6.ocx
2009-01-22 16:01 662,288 a------- c:\windows\system32\MSCOMCT2.OCX
2009-01-22 16:01 <DIR> --d----- c:\program files\Driver-Soft
2009-01-22 15:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers Headquarters
2009-01-22 15:08 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-01-22 14:07 376 a------- c:\windows\ODBC.INI
2009-01-22 14:07 24,816 a------- c:\windows\system32\mdimon.dll
2009-01-22 14:05 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-01-22 14:03 <DIR> --d----- c:\windows\SHELLNEW
2009-01-22 12:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\UDL
2009-01-22 12:50 131,072 a------- c:\windows\system32\Epcmlib.dll
2009-01-22 12:48 76,045 a------- c:\windows\system32\EBPMON24.DLL
2009-01-22 12:48 64,000 a------- c:\windows\system32\ECBTEG.DLL
2009-01-22 12:48 34,304 a------- c:\windows\system32\EBPCHP.DLL
2009-01-22 12:48 31,744 a------- c:\windows\system32\E_DCINST.DLL
2009-01-22 12:48 182 a------- c:\windows\system32\EBPPORT4.DAT
2009-01-22 12:48 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-01-22 12:48 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-01-22 12:45 <DIR> --d----- c:\program files\EPSON
2009-01-22 12:45 18,787 a------- c:\windows\EPSTPLOG.BAK
2009-01-22 12:44 25 a------- c:\windows\CDER200Euro.ini
2009-01-21 19:31 <DIR> --d----- c:\windows\system32\Adobe
2009-01-21 16:51 <DIR> --d----- c:\docume~1\helen\applic~1\Samsung
2009-01-21 16:47 174,592 a------- c:\windows\system32\framedyn.dll
2009-01-21 16:47 <DIR> --d----- c:\windows\Downloaded Installations
2009-01-21 16:47 94,000 a------- c:\windows\system32\drivers\ss_mdm.sys
2009-01-21 16:47 58,320 a------- c:\windows\system32\drivers\ss_bus.sys
2009-01-21 16:47 8,304 a------- c:\windows\system32\drivers\ss_mdfl.sys
2009-01-21 16:47 6,144 a------- c:\windows\system32\drivers\ss_cmnt.sys
2009-01-21 16:47 6,144 a------- c:\windows\system32\drivers\ss_cm.sys
2009-01-21 16:47 5,808 a------- c:\windows\system32\drivers\ss_whnt.sys
2009-01-21 16:47 5,808 a------- c:\windows\system32\drivers\ss_wh.sys
2009-01-21 16:47 <DIR> --d----- c:\windows\system32\Samsung_USB_Drivers
2009-01-21 16:46 766 a------- c:\windows\system32\Uninstall.ico
2009-01-21 16:46 5,632 a------- c:\windows\system32\drivers\StarOpen.sys
2009-01-21 16:46 <DIR> --d----- c:\program files\Samsung
2009-01-21 16:12 421,888 a------- c:\windows\system32\ac3filter.acm
2009-01-21 16:12 <DIR> --d----- c:\program files\XP Codec Pack
2009-01-21 14:08 221,184 a------- c:\windows\system32\wmpns.dll
2009-01-21 14:07 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-01-21 14:06 <DIR> --d----- c:\windows\system32\LogFiles
2009-01-21 13:58 13,184 a------- c:\windows\system32\drivers\bsaspi32.sys
2009-01-21 13:58 9,688 a------- c:\windows\system32\drivers\cdrbsvsd.sys
2009-01-21 13:58 13,567 a------- c:\windows\system32\drivers\CDRBSDRV.SYS
2009-01-21 13:57 <DIR> --d----- c:\program files\PIXELA
2009-01-21 13:56 106,496 a------- c:\windows\system32\FPXS2Pro.dll
2009-01-21 13:54 274,432 a------- c:\windows\system32\FFTIFF16.dll
2009-01-21 13:54 155,648 a------- c:\windows\system32\FFRAFLIB.DLL
2009-01-21 13:52 81,924 -------- c:\windows\system32\drivers\VC4CB104.SYS
2009-01-21 13:52 <DIR> --d----- c:\program files\REGSHAVE
2009-01-21 13:52 65,536 -------- c:\windows\system32\FINFCHECK.dll
2009-01-21 13:52 45,056 -------- c:\windows\system32\FINFCOPY.dll
2009-01-21 13:52 69,632 -------- c:\windows\system32\FREGSHEX.DLL
2009-01-21 13:52 45,056 -------- c:\windows\system32\FCLKBTN.DLL
2009-01-21 11:32 <DIR> --d----- c:\program files\Microsoft IntelliType Pro
2009-01-21 11:27 22,784 a------- c:\windows\system32\drivers\dadder.sys
2009-01-21 11:26 31,104 a------- c:\windows\system32\drivers\CYUSB.sys
2009-01-21 11:26 73,728 a------- c:\windows\system32\DeathAdder.cpl
2009-01-21 10:50 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-01-21 10:50 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-21 10:50 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-01-21 10:50 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-01-21 10:50 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-01-21 10:50 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-21 10:50 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-01-21 10:50 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-01-21 10:50 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-01-21 10:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2009-01-21 10:45 <DIR> --d----- c:\docume~1\helen\applic~1\Azureus
2009-01-21 10:44 <DIR> --d----- c:\program files\Vuze
2009-01-21 10:43 2,189,184 ac------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-21 10:43 2,066,048 ac------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-21 10:40 <DIR> --d----- c:\docume~1\helen\applic~1\Windows Live Writer
2009-01-21 09:59 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-21 09:59 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-21 09:59 <DIR> --d----- c:\documents and settings\helen\Tracing
2009-01-21 09:58 55,136 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-21 09:55 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-01-21 09:55 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-01-21 09:54 <DIR> --d----- c:\program files\Microsoft
2009-01-21 09:53 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-01-21 09:51 <DIR> --d----- c:\program files\common files\Windows Live
2009-01-21 09:36 <DIR> --d----- c:\windows\system32\scripting
2009-01-21 09:36 <DIR> --d----- c:\windows\system32\en
2009-01-21 09:36 <DIR> --d----- c:\windows\system32\bits
2009-01-21 09:36 <DIR> --d----- c:\windows\l2schemas
2009-01-21 09:35 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-21 09:33 <DIR> --d----- c:\windows\network diagnostic
2009-01-21 09:29 <DIR> --d----- c:\windows\EHome
2009-01-21 09:26 404,990 ac------ c:\windows\system32\dllcache\slntamr.sys
2009-01-20 23:01 96,976 a------- c:\windows\system32\drivers\klin.dat
2009-01-20 23:01 87,855 a------- c:\windows\system32\drivers\klick.dat
2009-01-20 23:00 2,365,472 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-01-20 23:00 401,440 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-01-20 23:00 21,656 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-01-20 23:00 4,548 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-01-20 23:00 <DIR> --d----- c:\program files\Kaspersky Lab
2009-01-20 23:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-01-20 22:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-01-20 22:59 <DIR> --d----- c:\windows\system32\PreInstall
2009-01-20 22:59 <DIR> --d-h--- c:\windows\$hf_mig$
2009-01-20 22:57 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-01-20 22:57 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-01-20 22:57 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-01-20 22:57 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-01-20 22:57 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-01-20 22:53 <DIR> --dsh--- c:\documents and settings\helen\UserData
2009-01-20 22:50 13,646 a------- c:\windows\system32\wpa.bak
2009-01-20 22:43 24,576 a------- c:\windows\system32\msxml3a.dll
2009-01-20 22:42 65,536 a------- c:\windows\system32\YCRWin32.dll
2009-01-20 22:42 499,712 a------- c:\windows\system32\msvcp71.dll
2009-01-20 22:42 348,160 a------- c:\windows\system32\msvcr71.dll
2009-01-20 22:42 344,064 a------- c:\windows\system32\msvcr70.dll
2009-01-20 22:42 89,088 a------- c:\windows\system32\ATL71.DLL
2009-01-20 22:42 84,992 a------- c:\windows\system32\ATL70.DLL
2009-01-20 22:42 <DIR> --d----- c:\program files\Yahoo!
2009-01-20 22:42 <DIR> --d----- c:\windows\Motive
2009-01-20 22:42 <DIR> --d----- c:\program files\btbb_wcm
2009-01-20 22:42 <DIR> --d----- c:\program files\common files\Motive
2009-01-20 22:40 <DIR> --d----- c:\program files\BT Home Hub
2009-01-20 22:29 <DIR> --d----- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2009-01-20 22:27 8 a------- c:\windows\system32\nvModes.dat
2009-01-20 22:25 <DIR> --d----- c:\windows\system32\AGEIA
2009-01-20 22:25 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-20 22:24 200,055 a------- c:\windows\system32\nvapps.xml
2009-01-20 22:24 453,152 a------- c:\windows\system32\nvudisp.exe
2009-01-20 22:24 18,394 a------- c:\windows\system32\nvdisp.nvu
2009-01-20 22:24 <DIR> --d----- c:\windows\nview
2009-01-20 22:24 <DIR> --d----- C:\NVIDIA
2009-01-20 22:23 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-01-20 22:19 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-01-20 22:19 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-01-20 22:19 <DIR> --d----- c:\windows\system32\Lang
2009-01-20 22:17 17,021,440 a------- c:\windows\RTHDCPL.EXE
2009-01-20 22:17 <DIR> --d----- c:\program files\Realtek
2009-01-20 22:15 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-01-20 22:15 356,352 -------- c:\windows\system32\nvuide.exe
2009-01-20 22:15 1,570 -------- c:\windows\system32\nvide.nvu
2009-01-20 22:15 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-01-20 22:13 15,600 a------- c:\windows\gdrv.sys
2009-01-20 21:05 <DIR> --d----- c:\documents and settings\Helen
2009-01-20 21:04 <DIR> --ds---- c:\windows\system32\Microsoft
2009-01-20 20:39 8,192 a------- c:\windows\REGLOCS.OLD
2009-01-20 20:37 1,875,968 ac------ c:\windows\system32\dllcache\msir3jp.lex
2009-01-20 20:36 <DIR> --d----- c:\windows\system32\xircom
2009-01-20 20:36 2,577 a------- c:\windows\system32\CONFIG.NT
2009-01-20 20:36 0 a------- c:\windows\control.ini
2009-01-20 20:36 23,392 a------- c:\windows\system32\nscompat.tlb
2009-01-20 20:36 16,832 a------- c:\windows\system32\amcompat.tlb
2009-01-20 20:36 316,640 a------- c:\windows\WMSysPr9.prx
2009-01-20 20:36 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-01-20 20:35 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-01-20 20:34 <DIR> --d----- c:\program files\common files\MSSoap
2009-01-20 20:33 <DIR> --d----- c:\program files\Online Services
2009-01-20 20:33 <DIR> --d----- c:\program files\Messenger
2009-01-20 20:33 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-01-20 20:32 <DIR> --d----- c:\program files\Windows NT
2009-01-20 20:26 <DIR> --d----- c:\program files\common files\ODBC
2009-01-20 20:26 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-01-20 20:25 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-01-21 09:38 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-20 22:41 155,995 a------- c:\windows\java\packages\0HBJRBFN.ZIP
2009-01-20 22:41 2,232 a------- c:\windows\java\packages\data\D3F3FV3B.DAT
2009-01-20 22:41 2,678 a------- c:\windows\java\packages\data\J3VNDBHJ.DAT
2009-01-20 22:41 2,678 a------- c:\windows\java\packages\data\R7NL7TBZ.DAT
2009-01-20 22:41 2,678 a------- c:\windows\java\packages\data\I3JBNFBX.DAT
2009-01-20 22:41 2,678 a------- c:\windows\java\packages\data\BVBZ1JNT.DAT
2009-01-20 22:41 2,678 a------- c:\windows\java\packages\data\5VDVVB3L.DAT
2009-01-20 22:29 20,747 a------- c:\windows\system32\drivers\AegisP.sys
2009-01-20 20:34 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-26 00:08 801,312 a------- c:\windows\system32\nvcplui.exe
2008-12-19 15:15 4,338,246 a------- c:\windows\system32\libavcodec.dll
2008-12-17 17:41 884,237 a------- c:\windows\system32\ff_x264.dll
2008-12-17 17:22 93,184 a------- c:\windows\system32\ff_wmv9.dll
2008-12-17 17:22 57,344 a------- c:\windows\system32\ff_vfw.dll
2008-12-17 17:17 239,247 a------- c:\windows\system32\ff_theora.dll
2008-12-17 16:59 560,802 a------- c:\windows\system32\libmplayer.dll
2008-12-11 10:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-04 22:55 307,560 a------- c:\windows\WLXPGSS.SCR
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2008-11-29 20:26 991,232 a------- c:\windows\system32\VSFilter.dll
2008-11-11 20:00 218,376 a------- c:\windows\system32\klogon.dll

============= FINISH: 14:34:33.17 ===============

 

Hi

I believe this folder is used to store Windows Updates or software updates.

Please do this and let me know what's in the folder.

Enable the 'Show Hidden Files/Folders' option, like this:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.


Using Windows Explorer (to get there right-click your Start button and go to "Explore "), please open this folder (if present):

C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356

Here is some info on that file.

fdc.sys
http://www.bleepingcomputer.com/filedb/fdc.sys-900.html

Thanks
Geri

 

Hi, thanks for replying. In the folders is lots of small files html, appl ext, inc, state etc. But the main folders within it are:

asms
backup
ic
lang
new
update
npdrmv2
npds

 

Hi
OK I believe those are OK, Lets get a on line scan.

Please do this.

Download ATF Cleaner by Atribune and save it to your Desktop.
This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle bin

The rest are optional - if you want it to remove everything check "Select All ".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

Now the scan.

Please do an online scan with Kaspersky WebScanner

It's best to disable real time protection applications as they sometimes interfere with the scan.
Check this link for any applicable programs you may have.

Click on “Accept” If your pop –up blocker blocks any windows from opening.

Click Run on the window that opens.
Windows Vista users you must open the web browser using the Run as Administrator command.

• The program will launch and then begin downloading the latest definition files:
• Under Scan on the left side.Click on My Computer
• This will start the program and scan your system.
• Click the “Scan Report” On the left side.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.:
• Save the text file to your desktop.
• Copy and paste that information in your next post.

Please post the Kaspersky results.

Thanks
Geri

 

I used ATF, and tried to run the scan, but everytime it got near to the end of downloading the update files my computer re-booted. I've tried to do it with my normal Kaspersky protection disabled, and not running at all...and it always does it.

I'm now running a full system scan using my normal installed Kaspersky, i'll post results

 

My full system scan found these:


Win32.Alcaul.bb

Win32.Agent.yxh

 

Hi Velectro

Can you give me the file paths that Kaspersky shows for them.

Thanks

 

Hi, sorry I should have thought to put in the file paths initially:

Detected: Email-Worm.Win32.Alcaul.bb D:\System Volume Information\_restore{5DB8A98D-614E-42A4-BB2D-EAF23E7428A7}\RP30\A0012586.exe/Driver Detective 6.2.5.0.exe




Detected: Trojan-Downloader.Win32.Agent.yxh D:\System Volume Information\_restore{5DB8A98D-614E-42A4-BB2D-EAF23E7428A7}\RP30\A0012586.exe/setup.exe
Detected: Trojan-Downloader.Win32.Agent.yxh C:\Documents and Settings\Helen\Local Settings\Temp\IXP000.TMP\setup.exe

 

Hi
OK please do this.

Download ATF Cleaner by Atribune and save it to your Desktop.
This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle bin

The rest are optional - if you want it to remove everything check "Select All ".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

What is your D Drive? and what version of windows are you running? XP or Vista?

Thanks

 

I've run ATF cleaner. I am running XP Home. I'm not sure what you mean by what is my D drive...all i can think to tell you is its a Maxtor 250gb drive

 

Hi
OK please do this.

You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
Turning off System Restore will clear out all previous restore points.

To turn off Windows XP System Restore:
NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:
1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives. "
5. Click Apply, and then click OK
6. Make a new restore point.
7. Click Start, All Programs, Accessories, System Tools, System Restore.
Choose Create a restore point and clicked Next, Under “Type a description for your restore point…”put a name in the box,. Click Create. In the next window click Close.

Now run a new Kaspersky scan and post the log.

Thanks
Geri

 

Hi, here is the scan info:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, February 2, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, February 02, 2009 12:50:33
Records in database: 1737508
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 59526
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 03:33:24

No malware has been detected. The scan area is clean.

The selected area was scanned.

 

Hi
OK perfect.

How are things running?

Geri

 

Hi there, I haven't had a BSOD for a couple of days, so i'm just following instructions on my other thread. However, at least i know now i haven't got a virus - thanks for your help

 

Hi
OK good to hear.

Please look at this link for some preventive recommendations, It could keep you from ending up back here to the Malware and Virus Removal Forums.
http://www.windowsbbs.com/showthread.php?t=67958

Surf Safely
Geri